# UC Volcanic Hazards Simulation Website #


## Project Description

This is a Volcanic Simulation website created by Robert Ramsay
(robert.ramsay.nz@gmail.com). 

It was created for Jacqueline Dohaney and Ben Kennedy from the University of
Canterbury's Geological Sciences Dept., and is designed to be used as a
teaching and demonstration tool for volcanic eruptions. 


## A Quick Note: Passwords

There are two separate passwords on the system.

1. The admin password that the end-user is asked for on the `admin/admin.html`
   page (The Digest HTTP-Authentication password for the `admin` user).

2. The MySQL password (for the `volcano-sim-user` user), used by the `*.php`
   files and the `__database/*.sh` scripts to access the MySQL server.


## Installation 

 1.	Set up the server.

	You'll need a server (probably a Linux one), with PHP5, Apache, and MySQL
	installed.


 2.	Place this dir in Apache's data directory.

	This directory (containing this README) is designed to be placed in the
	Apache server's webpage directory (`/var/www/` on my machine) -- as
	`/var/www/volcano-sim/` for instance.


 3. Create an admin password (for the website's `admin/` directory).

	Run `./setup_digest_passwords.sh` (in `__scripts/`)


 4. Create a MySQL password.

	Run `./setup_sql_user_password.sh` (in `__scripts/`).


 5.	Update `admin/.htaccess`.

	Change the line beginning `AuthUserFile ...` to point to the
	`__auth/.digest.passwords` file;
	`"/var/www/volcano-sim/__auth/.digest.passwords"` for instance.


 6.	Set up the MySQL database and user.

	Run `__databases/create-databases.sh`  
	(you'll probably need the MySQL admin/root password to do this). 


 7.	Add simulation-data to the database (Optional).

	Run `__databases/populate-databases.sh`.


 8.	Update Apache's settings.

	Some of the instructions in the .htaccess files are disabled by default. 
	Add something like this to the `/etc/apache2/httpd.conf`,

		<Directory /var/www/volcano-sim/>
			AllowOverride AuthConfig FileInfo Indexes
		</Directory>

	Ensure `mod_rewrite` and `mod_auth_digest` are enabled by
	running (as root) the commands, 

		a2enmod rewrite 
		a2enmod auth_digest


## Security

This is secure enough to run inside a LAN, but its setup would require thorough
checking before it is placed on the internet for an extended period of time.
Specifically, the Apache settings would need to be adjusted.

 -	There are passwords in the `__auth/` and `__databases/` dirs (and this file).
	These are in the main-dir (exported by Apache), and should be moved
	outside of this dir (and `admin/.htaccess` updated) in a hostile environment.

 -	The sim/ dir will be considerably more secure than the admin/ dir, because
  	it doesn't take input data.

 -	You can increase security by changing the owner of the directory to the
 	`www-data` user (found on Debian) and restricting anything not `*.sh` to
	file mode 600. 
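
The checks in the list above, as an added shell example (not one of the project's own scripts): a read-only audit that reports non-`*.sh` files whose mode is not 600, files not owned by `www-data`, and `__auth/` or `__databases/` dirs still inside the served directory. The script and its function names are hypothetical; the directory names and the `www-data` user are the ones this README mentions.

```shell
#!/bin/sh
# Added example, not part of the project: read-only audit of an install
# directory against the README's Security notes. Changes nothing on disk.

# Regular files that are not *.sh and whose mode is not exactly 600.
loose_files() {
    find "$1" -type f ! -name '*.sh' ! -perm 600
}

# Regular files not owned by the given user (name or numeric uid).
wrong_owner() {
    find "$1" -type f ! -user "$2"
}

# Password-bearing dirs named in the README that still sit in the served tree.
exposed_secret_dirs() {
    for d in __auth __databases; do
        if [ -d "$1/$d" ]; then echo "$1/$d"; fi
    done
}

# audit ROOT [OWNER]: print findings; return 0 if clean, 1 if not, 2 on error.
audit() {
    root=$1
    owner=${2:-www-data}   # Debian's Apache user, as the README suggests
    # An unknown user makes find fail; report that rather than passing silently.
    owned=$(wrong_owner "$root" "$owner") || {
        echo "cannot check ownership for user '$owner'" >&2
        return 2
    }
    report=$(
        loose_files "$root" | sed 's/^/mode is not 600: /'
        [ -z "$owned" ] || printf '%s\n' "$owned" | sed "s/^/not owned by $owner: /"
        exposed_secret_dirs "$root" | sed 's/^/secrets inside web root: /'
    )
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Run only when a directory is given, e.g.: sh audit.sh /var/www/volcano-sim
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```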
